Secunia Security Advisory - Debian has issued an update for linux-2.6. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and to potentially gain escalated privileges, by malicious people with physical access to potentially compromise a vulnerable system, and by malicious people to cause a DoS and potentially compromise a vulnerable system.

Secunia Security Advisory - Fedora has issued an update for cherokee. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to conduct brute force attacks and by malicious people to conduct cross-site request forgery attacks.

Secunia Security Advisory - Two vulnerabilities have been reported in Barracuda IM Firewall, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory - Ubuntu has issued an update for linux and linux-ec2. This fixes two weaknesses and multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and to potentially gain escalated privileges and by malicious people to cause a DoS and potentially compromise a vulnerable system.

Secunia Security Advisory - Multiple vulnerabilities have been reported in Atlassian JIRA, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory - Fedora has issued an update for qt. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

Secunia Security Advisory - Multiple vulnerabilities have been reported in Proficy Historian, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

This Metasploit module exploits a stack buffer overflow vulnerability in the NJStar Communicator Version 3.00 MiniSMTP server. The MiniSMTP application ships with multiple NJStar products and continues to run in the background even after the main software has been shut down. According to the vendor's testimonials, NJStar software is also used by well-known companies such as Siemens, NEC, Google, Yahoo, and eBay; government agencies such as the FBI and the Department of Justice (HK); as well as a long list of universities such as Yale, Harvard, the University of Tokyo, etc.

Red Hat Security Advisory 2011-1419-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The way IPv4 and IPv6 protocol sequence numbers and fragment IDs were generated could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence numbers and fragment IDs are now more random. A flaw was found in the Linux kernel's clock implementation on 32-bit, SMP systems. A local, unprivileged user could use this flaw to cause a divide error fault, resulting in a denial of service.

Red Hat Security Advisory 2011-1418-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A flaw was found in the Linux kernel's clock implementation on 32-bit, SMP systems. A local, unprivileged user could use this flaw to cause a divide error fault, resulting in a denial of service.

Is maybe a bit of this chatter which aids them to see how important it is to link to the community who find 99.9% of bugs.... I am glad to see *any* expansions within any corporation; it means they are at least listening to those who maybe know better than they do... but they're still guilty of trying to reproduce the bug first, to escape paying the bounties. Now they must see that, obviously, the security industry thinks...

The default installation of the IBM WebSphere Application Server is deployed with a 'help' servlet which is designed to serve supporting documentation for the WebSphere system. When the 'help' servlet processes a URL that contains a reference to a Java plug-in Bundle that is registered with the Eclipse Platform Runtime Environment of the WebSphere Application Server, the 'help' servlet fails to ensure that the submitted URL refers to a file that is both located within the web root of the servlet and is of a type that is allowed to be served. An unauthenticated remote attacker can use this weakness in the 'help' servlet to retrieve arbitrary system files from the host that is running the 'help' servlet. This can be accomplished by submitting a URL which refers to a registered Java plug-in Bundle followed by a relative path to the desired file.

“I can’t hear myself in the mix,” “yeah, man, I’ll be there at 8,” and “dude, we need like four more mics.” Each and every one of these words is documented in actuarial tables and doesn’t bode well for your sound tech’s risk of a stroke. Luckily, there’s an even better way to kill your [...]

I sort of have to agree with this. As I earlier stated, FB somehow seems to affect even those who don't use it (like me), but all my family, and their friends and their friends, as I know; nearly everyone I know uses it but me!
I guess this is why I am a bit peeved at their offer of 500 bucks for a bug, but again, this is 90% more than 99% of the others out there would offer :s
This is a large network, and as I know MySpace failed due to many bugs and...

Hey, great read.
Very true, there is way too little money in this area, but that's what I am hoping to change, albeit pinch per punch and company by company, slowly. If more people turn to some ideals, that you must at least know how to make the exploit and then how to debug it enough, then to present it appropriately, full disclosure or no disclosure, it would work for me on how that first email breaks, if the company sees me as someone who can...

[Spode] has been rocking out with a pair of Shure E4C earphones for about six years now, and he has no intentions of buying another set any time soon. The earphones cost him £200, so when the right channel started acting up, he decided to fix them rather than toss them in the trash bin. [...]

Small and more powerful… what more can you want? This is the newest BeagleBoard offering, called the BeagleBone. It’s packed with some pretty intriguing features, but let’s take a tour of the hardware first. Like its predecessors, the BeagleBone sports an ARM processor. This time around it’s a TI AM3358 ARM Cortex-A8. It will ship with [...]

[i] Plugin 10107 reported a result on port http (80/tcp) of 192.168.1.92
[i] Plugin 38157 reported a result on port http (80/tcp) of 192.168.1.92

+ Results found on 192.168.1.92
+ - Port http (80/tcp) is open
[i] Plugin ID 38157
Synopsis : The remote web server contains a document sharing software
Description : The remote web server is running SharePoint, a web interface for document management. As this interface is likely to contain sensitive information, make sure only authorized personel can log into this site
See also : http://www.microsoft.com/Sharepoint/default.mspx

Solution : Make sure the proper access controls are put in place

Risk factor : None

Plugin output : The following instance of SharePoint was detected on the remote host :

[Anthony Pray] had his car stereo stolen. When thinking about replacing it he realized the he and his wife never used it for anything other than an Auxiliary connection to play songs from their cellphones. So instead of buying a head unit he pulled an unused home audio amplifier out of a dark corner of [...]

================== nsec.ir =================
Description:
Input passed via the "str" parameter to IBSng/util/show_multistr.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code...

[Cjmekeel] spent weeks getting his Halloween display ready this year. The centerpiece of his offering is this full-sized motorized skeleton. But there’s a few other gems that he worked on to compliment it. There’s an old-fashioned radio whose dial moves mysteriously and plays a news flash warning of an escaped mental patient. He also spent [...]

Typically, when people hear that you’ve made a Halloween costume for your dog, the statement is met with the eye rolling and polite lies about how cute the outfit is. There are few exceptions to this rule, and [Dino’s] latest creation is one of them. For this week’s entry in his Hack a Week series, [...]

[Kevin Harrington] throws a curve ball with this skeleton in a coffin. Instead of going for the cheap scare, he conjures memories of old cartoons when the bony figure puts on a song and dance. When activated it leans forward to hang out of the coffin donning a tattered tuxedo and top hat. You can hear [...]

DirBuster is another great tool from the OWASP chaps; it's basically a multi-threaded Java application designed to brute force directory and file names on web/application servers. It is often the case now that what looks like a web server in a default installation actually is not, and has pages and applications hidden within. [...]

For some ungodly reason, [Scott] has a friend that wanted a ‘sexting themed’ Halloween costume. We won’t try to make any presumptions of the creativity or mental stability of [Scott]’s friend, but the SMS scrolling LED belt buckle he came up with is pretty cool. The belt is based around a $13 scrolling LED belt [...]

Mandriva Linux Security Advisory 2011-162 - KDE KSSL in kdelibs does not properly handle a NUL character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. The updated packages have been patched to correct these issues.

Gentoo Linux Security Advisory 201111-1 - Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code and local root privilege escalation. Versions less than 15.0.874.102 are affected.

Yes, to a certain degree it's all about "saving FACE"... however FB's 30-member integrity team is only bothered about how to manage the vectors that have been primed to protect.

FB is the largest network "protected"... (YES, big word, Protected!!) / they have over 25B checks per day, reaching up to 65K/sec at peak. Building an Immune System as large as FB's takes time, but it's only on known vectors. The unknown is...

This short paper describes the trash attack which is effective against the majority of fully-verifiable election systems. The paper then offers a simple but counter-intuitive mitigation which can be incorporated within many such schemes to substantially reduce the effectiveness of the attack. This mitigation also offers additional benefits as it significantly improves the statistical properties of existing verifiable systems.

Facebook is trying to save its face. It's typical.
I got the same answer from SonicWALL one year ago when I discovered that simple internal network scanning (Nessus, Nmap, etc.) brings down the entire network. The firewall's internal TCP connection stack was overloaded within a few seconds (IPS is not enabled, thus it was not accepting new connections).

[Shawn] was looking for a way to shake up his decorations this Halloween and decided to build a new prop for his front yard. He had a pair of old oil barrels in his garage and thought they would look great with a little bit of work. He bolted the pair of barrels together, then [...]

[Udo] figured out how to turn a bunch of LEDs into a very low resolution camera. The build is based around [Udo]’s Blinkenlight shield he’s been developing over the past year. The camera operates under the idea that there’s really not much difference between a LED and a photodiode; LEDs can do light emission and [...]

So Halloween finally arrived, we hope you had enough time to pull off your frightening feats in the way you had originally envisioned. Now it’s time again to look to the future and start planning this year’s Christmas decorations. Lights are always a popular theme, and this year you might want to look into DMX [...]

Nice speculation, but IMO it would make them look worse if they turned down the reports, because it will come back to them (either via publication, like in this case, or simply someone exploiting it). So while I don't have personal experience working with the Facebook security team, at least they have a dedicated channel for reporting security-related bugs and even a bounty program. That's more than 99% of the...

I have finished working on the Beta release for my project to create a user-friendly interface for customizing and updating Back|Track. It is available via svn:
Code:
svn checkout http://backtrack-update.googlecode.com/svn/trunk/ backtrack-update
It has two parts to it: iso_mod.sh and update.sh.
iso_mod.sh will allow the end-user to mount the Back|Track ISO in a chroot environment.

update.sh will allow the end-user to modify either the host Back|Track operating system or to update the chroot environment for iso_mod.sh.
There was a thread a while back discussing the need for an update script for Back|Track 5, and one fella posted the right idea, but that script needed some tweaking for mkisofs and such. It also was very messy in how it handled the directories it created. I took the time to fix this; I do not claim original credit for the ISO modification script, I've just tweaked it a bit.

The exciting part is the update.sh script. This script is not for the apt-get side of the house. It is aimed more towards directories that require 'svn up' or 'nikto.pl -update' type stuff..... If a user wants to add in something via apt-get, they can simply do that by hand. The underlying feature is that it will allow the user to "multi-thread" updates by backgrounding multiple xterm sessions. It doesn't multi-thread in the TCP/IP aspect, but it has the ability to launch multiple updates at once, thereby allowing the user to take full advantage of high-bandwidth downloads and such. Credit for the ideas on what to update and such goes to sickn3ss; good job bro. (Now that I think about it, on the next revision of the script, which is coming soon, I must include you in the credits.)

The work on update.sh is far from done. I've used the -hold flag for xterm, which forces the user to manually close each xterm window that is launched (this was so the user could see when that specific command has finished; otherwise it would close out without the user seeing whether it was successful or not). As soon as I implement a tail log feature for successes/failures of updating, I will remove the hold flag.

As well, I am in need of ideas for what to include on this script. It is very versatile and can have pretty much anything at all added to it.

Thanks for your time and please send feedback to my email listed in the comments of the scripts!

The main thing is that the security division at Facebook probably runs the bug hunting page (as with everywhere else, which does make a decent bit of sense). And if you spot bugs before they do, then that looks bad on them (internally at the company and externally to the world). So it is not in their interest to openly acknowledge your bugs, especially by paying you cash money (not to mention, accounting is going to hate them if they...

Secunia Security Advisory - Two vulnerabilities have been reported in Perl, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

Secunia Security Advisory - Fujitsu has acknowledged two vulnerabilities in Interstage HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and bypass certain security restrictions.

Secunia Security Advisory - Multiple vulnerabilities have been reported in eFront, which can be exploited by malicious users to conduct SQL injection attacks and compromise a vulnerable system and by malicious people to bypass certain security restrictions, conduct cross-site scripting and SQL injection attacks, and compromise a vulnerable system.

Secunia Security Advisory - Debian has issued an update for python-django. This fixes some vulnerabilities, which can be exploited by malicious people to disclose certain system information, manipulate certain data, conduct cache poisoning attacks, and cause a DoS (Denial of Service).